NAMFISA recently engaged stakeholders regarding the introduction of a Risk-Based Supervisory model. The model envisages nine steps and emphasises the trustees’ responsibility for mitigating the risks. However, given Namibia’s unique environment, is this model appropriate? This question will be explored further on.

1. The nine steps of NAMFISA’s proposed risk-based supervision (RBS)

NAMFISA will follow a structured process to assess the risks faced by pension funds:

1. Understanding the Fund: Analysing the fund's business, the economy, and industry trends.
2. Identifying Significant Activities: Determining the key operations of the fund (e.g., investments, benefit administration).
3. Assessing Inherent Risks: Evaluating the risks naturally present in each activity (e.g., investment risk, operational risk).
4. Assessing Operational Management, Oversight and Governance: Reviewing how well the fund manages its risks.
5. Assessing the Residual Risk: Determining the remaining risk after applying controls.
6. Assessing Overall Residual Risk: Combining the risks of all activities.
7. Assessing Funding, Earnings, and Liquidity: Checking the fund's financial health.
8. Assessing the Overall Risk Profile: Creating a complete picture of the fund's risk.
9. Developing an Intervention Strategy: Planning how NAMFISA will address identified risks.

Key Factors in Risk Assessment:

• • Macro Factors: Economic conditions, industry trends, and regulatory changes.
• • Environmental Factors: GDP, interest rates, inflation, political stability, etc.
• • Industry Factors: Analysis of industry trends and information from rating agencies.
• • Significant Activities: Key operations like investments, benefit administration, and contribution collection.
• • Inherent Risks: Operational, credit, market, market conduct, strategic, and legal/regulatory risks.
• • Quality of Risk Management (QRM): How well the fund's management and oversight functions manage risks.

How does this affect pension fund trustees?

• • Increased Scrutiny: Trustees should expect more detailed and risk-focused oversight from NAMFISA.
• • Focus on Risk Management: Trustees must ensure their funds have strong risk management processes.
• • Improved Reporting: Funds must provide accurate, timely, and transparent data to NAMFISA.
• • Emphasis on Governance: Trustees must demonstrate strong governance and oversight.
• • Understanding the Risk Matrix: Trustees should understand how the risk matrix assesses and rates their fund's risks.
• • Ladder of Supervisory Intervention: Trustees should know that NAMFISA will take graded actions based on the fund's risk rating.
• • Data Quality: Trustees will need to ensure that all data submitted to NAMFISA is of high quality.
• • Understanding of Macro and microeconomic factors: Trustees must understand how these factors affect the fund's investments and its ability to pay out benefits.

2. Adapting RBS to our unique circumstances

NAMFISA’s transition from compliance-based supervision to Risk-Based Supervision (RBS) is a commendable step towards proactive and efficient regulatory oversight; however, given the unique structure of the Namibian pensions industry, where only the Government Institutions Pension Fund (GIPF) operates with full internal administration, while other funds outsource key functions to third-party service providers, such as administrators, consultants, and asset managers. Recognising the unique operational environment of the industry, NAMFISA should adapt the RBS approach to ensure effective and efficient supervision.

3. Key Observations

Industry Structure and Systemic Risks

1. The Namibian pensions industry comprises approximately 60 funds, covering 330,000 members with N$ 234 billion in assets.
2. The GIPF alone holds 151,000 members and N$168 billion in assets, representing roughly half of the industry and making it the dominant player.
3. Except for the GIPF, all other funds outsource benefit design, administration, and investment management to a few established third-party service providers.
4. Third-party service providers effectively manage the operational risks of multiple funds, making them key systemic entities.

NAMFISA’s Proposed RBS Model

NAMFISA’s nine-step RBS model assesses risk at the individual fund level. While these nine steps align with global best practices, the focus on third-party-managed small and medium-sized funds creates regulatory blind spots in operational risk and cybersecurity, diverting resources unnecessarily to small and medium-sized funds whose boards effectively do not manage their operational risks.

4. Recommendations for an Enhanced RBS Model

Shift Supervision Focus to Third-Party Service Providers

Challenge: NAMFISA treats each pension fund as a separate entity, even though operational risks are concentrated among a few service providers.

Recommendation:

1. Classify third-party service providers as systemic risk entities requiring direct oversight.
2. Establish service provider risk scores based on financial stability, IT security, and operational resilience.

Strengthen Risk Oversight of Outsourced Operations

Challenge: NAMFISA’s framework does not differentiate between GIPF (which is self-administered) and funds outsourcing their key management functions.

Recommendation:

1. Create two supervisory streams:
   1. Direct supervision of GIPF as a fully integrated pension entity.
   2. Indirect oversight of funds through their third-party service providers.
2. Require third-party service providers to submit consolidated risk reports covering all client funds.

Introduce Cybersecurity and IT Resilience as a Regulatory Priority

Challenge: NAMFISA’s model does not explicitly address IT security risks despite administrators and asset managers managing critical pension data.

Recommendation:

1. Implement annual cybersecurity audits for third-party service providers handling pension fund operations.
2. Develop minimum cybersecurity standards aligned with global best practices.
3. To protect member data and pension payments, mandate business continuity and disaster recovery plans for third-party service providers.

Optimise NAMFISA’s Resource Allocation

Challenge: NAMFISA employs approximately 30 staff directly for pension fund supervision yet oversees 60 funds and multiple third-party service providers.

Recommendation:

1. Reduce direct supervision of small and medium-sized, low-risk funds and reallocate regulatory staff towards higher-risk service providers and the GIPF.
2. Implement a tiered intervention model, focusing more resources on high-risk entities

5. Conclusion

NAMFISA’s transition to Risk-Based Supervision is a positive move towards safeguarding the Namibian pensions industry. However, NAMFISA must adjust its focus towards third-party service providers, given their critical role in fund operations, to ensure its effectiveness. By implementing service provider risk scoring, cybersecurity audits, and optimising regulatory resources, NAMFISA can better protect pension fund members and provide financial system stability.

Important notice and disclaimer
This article summarises the understanding, observation and notes of the author and lays no claim on accuracy, correctness or completeness. RFS Namibia (Pty) Ltd does not accept any liability for the content of this contribution and no decision should be taken on the basis of the information contained herein before having confirmed the detail with the relevant party. Any views expressed herein are those of the author and not necessarily those of RFS.